Brexit: Managing Cross-border Complexity

With the submission of the Article 50 letter by the British Government to the European Commission on the 29th of March this year, the process by which the United Kingdom will withdraw from the European Union (EU), commenced. Under the provisions of Article 50, the exit will need to take place by the 29th of March 2019. For all firms, the associated challenges and timelines are no laughing matter. This is especially so for the Financial Services firms who have substantial operations in the United Kingdom and the EU. They will now need to plan for and implement against significant and complex change management across their people, processes, technology and data.

In order to ensure their own ongoing success and to preserve, more generally, a durable and resilient financial services sector in the UK and the EU, many firms are setting aside budgets of £200 million and more to finance the operational and technical tribulations ahead. Firms are not unfamiliar with needing to manage large change programmes. But, it must be noted that within the very tight timelines involved (the next 18 months or so) planning and implementation of this required change will need to be particularly forceful, flexible and capable of prompt reaction to evolving needs.

In order to figure out what must be planned for and implemented, it is important to understand what the (likely) consequences will be. For banks and other financial services firms, the key outcome will be the assumption that “passporting” into the EU will no longer be legally available for UK firms once the UK has exited the single market. [The EU passporting system for banks and financial services companies enables firms that are authorised in any EU or EEA state to trade freely in any other with minimal additional authorisation.] With this loss of right and also with expected changes to freedom of movement for key staff between the UK and EU countries, plans and decisions will need to be made in the context of:

• The location of registered head office and subsidiaries
• Location of key front and back-office operational activities
• An assessment and understanding of the regulatory status of HQ and subsidiaries across the relevant jurisdictions

Taking into consideration the above factors and the possible outcomes, it would be beneficial to consider a number of specifics related to planning and implementing a Brexit strategy.

For example, answering the following questions will inform you about what parts of your business should be located in which jurisdiction:

• What entities serve our existing client base and where are these clients?
• Based on an understanding of my clients and their business, how might this change post Brexit?
• What cross border business do I envisage?
• What will the regulatory impacts on this business be?
• Have I mapped out my current regulator relationships across entity and jurisdiction?

Ideally, when answering questions like this you are able to collate an answer; then you should be able to proceed to articulate a possible/probable future state related to a new model for operations, technology, regulatory compliance and governance. And, in turn, developing this new view will enable you to determine what new resources, particularly enabling technology, need to be built or bought in the months ahead.

Having touched on the higher-level considerations above, when looking at client lifecycle management (CLM) requirements, of particular concern are the areas relating to regulatory compliance (interpretation, application/adherence and audit thereof) and, accordingly, with data management. Let’s consider these facets in a little more detail:


The identification and management of upcoming regulatory rules will be at the forefront of challenges facing firms as they design their post-Brexit business and operating models. As noted earlier, the passporting rules that enable cross-border provision of services within EEA member countries will no longer be available to firms in the UK. The loss of this right now means that establishing and having the correct regulatory ratification to carry out business with a current EEA/EU client-base is key. Current research and review has outlined two main areas of focus financial institutions should consider:

• To investigate and understand which countries allow branches of third-country firms (as UK based financial services firms will become post-Brexit) to conduct business in their country; subject to national as opposed to EU regulatory stipulations. Having this mapped and understood will allow for a firm to plan how to use their existing branches, across these countries, to perform their business appropriately.
• If the firm does not have a subsidiary based in one of the EU27 countries, then a new subsidiary could be established and authorised for business. This path is, however, a complex, costly and timely one.

Whatever the case, firms recognise that any fresh operating model will need to assure the applicable regulatory and supervisory standards of all involved countries, while also taking into consideration the preferences of their own customers who may, historically or for their own purposes, have jurisdictions in which they would prefer to do business. This context clearly indicates that, in a future that will most likely have new booking models operating between existing and new booking entities, firms will have to have an appropriate, functioning “cross-border” operating model, enabled by supporting technological infrastructure that will facilitate both intra- and inter-jurisdiction client onboarding.

Perhaps the easiest way to understand the impact these complexities will have would be by asking a few questions:

• Where is my client post-Brexit? EEA/EU/UK?
• What AML/KYC checks do I need to do?
• What regulations am I complying within each EU/local jurisdiction?
• Which of my entities will my client be contracted to?
• What internal service agreements/contracts do I require if, for example my sales team are in UK, but Ops/Regs are in EU?
• Where are my products/services regulated/domiciled? This can cross a number of jurisdictions.
• Do I need to take into consideration the Manufacturer and Distributor obligations under MiFID2

The potential answers (combination of answers) to these questions show that clearly, whatever the new model will be, in order to function at all, it will need to be unambiguous, consistent and comprehensible. Especially if remote booking (between entities) becomes the norm, it will be absolutely critical to have supporting technology that will enable the management of the onboarding processes, application of the correct regulations, governance, risk management and reporting.

Data is Critical

Finally, to one of our favourite subjects; data. Data comes to the forefront of critical considerations because, without a prior successful migration of relevant client, regulatory and account data, the post-Brexit target operating model will not function. To manage the required migration activities between existing and potentially new entities, all relevant data repositories and applications must be analysed, the new data flows will need to be documented and legacy data will need to be identified and remediated. Into this mix, issues relating to global client consent, data protection and data privacy rules across multiple jurisdictions must also be analysed and practical solutions found.

As we have noted before, in the framework of tackling the challenge of Client Lifecycle Management in general in the light of Brexit, and what it will mean for firms over the next 24 months. Success can only come from being clear on where you are going, getting the right help and by doing the foundational work upfront.

Good luck, Bonne chance, Viel Glück, Buona fortuna, Buena suerte!